Threat actors leveraging cracked versions of the penetration testing tool Cobalt Strike face new challenges as Microsoft, Fortra and the Health Information Sharing and Analysis Center (Health-ISAC) step up efforts to reduce instances of the software tool from being available for download on warez sites and the networks that host them.Forked versions of the Cobalt Strike software have proliferated among cybercriminals and are attributed to a scourge of malware attacks. Cobalt Strike is used by security professionals to simulate an adversarial attack against a company's attack surface. The respected tool, used widely by red team security professionals, has been coopted by criminals who use the software in a growing number of cyberattacks."Our action focuses solely on disrupting cracked, legacy copies of Cobalt Strike and compromised Microsoft software," wrote Amy Hogan-Burney, general manager at Microsoft's Digital Crimes Unit in a blog posted Thursday outlining the effort.As part of the effort, the companies and Health-ISAC were granted a court order on March 31 from the US District Court for the Eastern District of New York that empowers Microsoft, Fortra, and Health-ISAC to work with internet service providers and computer emergency readiness teams (CERTs) who can assist in taking the infrastructure used by cybercriminals to distribute illegal copies of Cobalt Strike offline.“Together, we are committed to going after the cybercriminal’s illegal distribution methods,” Microsoft officials said in the announcement. “We’ll need to be persistent as we work to take down the cracked, legacy copies of Cobalt Strike hosted around the world.”The court order, Hogan-Burney said, will boost investigation efforts that include detection, analysis, telemetry and reverse engineering. Additional data and insights will help strengthen related legal cases, she said.Microsoft, Fortra, and Health-ISAC also said, as part of their stepped up efforts, they will be collaborating with the FBI, the National Cyber Investigative Joint Task Force and Europol’s European Cybercrime Centre on related cases.Microsoft said older versions of the pen testing tool continue to be “abused and altered” by cybercriminals. The “cracked” or illegal copies, for example, were behind destructive attacks on the Costa Rican government and the massive attack on the Irish Health Service Executive (HSE).
Threat Management, Malware, Threat Management
Microsoft’s war on illicit Cobalt Strike software is part of a new anti-ransomware front

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



